WEBINAR

Defending APIs with Jim Manico – Episode 1

November 10, 2022 | 9am PST | 5pm BST

Webinar Series - Defending APIs with Jim Manico

Join Jim Manico, CEO of Manicode and Colin Domoney from 42Crunch, as they deliver a 2-part webinar series to help developers better defend APIs.

Episode 1: Request Forgery on the Web - CSRF & SSRF

In this first episode Jim and Colin will discuss request forgery and how to prevent it. This technical talk is intended for the software developer who needs to build secure web applications and APIs. it will cover the two variants of request forgery —  client-side (CSRF) and server-side (SSRF).

  • CSRF is most widely associated with vulnerable web applications that trick a user in a client browser into submitting transactions they never intended to use in their current authenticated session. We will discuss historical CSRF attacks and investigate various well-proven defense strategies. For API developers we will investigate whether APIs are vulnerable to CSRF, and how to prevent it.
  • SSRF attacks allow a malicious client to trick a vulnerable server into submitting requests to an unintended location, typically by submitting malformed URLs in payloads and relying on vulnerabilities in the URL parsing code. We will discuss prevention strategies and examine some well-known examples. For API developers, we will investigate ways in which SSRF can be directed at vulnerable APIs and examine a few recent API breaches and the latest research.

Speakers

Colin Domoney 2

Colin Domoney

Developer Advocate & API Security Researcher

42Crunch

 

 

jimmanico BW

Jim Manico

CEO

Manicode Security

 

 

Watch the Webinar

Webinar Partner

At Manicode Security 100% of their focus is teaching developers to write secure code. They bring a combination of passion, style and decades of research into all of their education offerings.

Partnered with: Manicode Security

Manicode Logo

Latest Resources

BLOG

42Crunch member of MISA

Why 42Crunch’s MISA Certification is Important for API Security

By Tom Chang | January 10, 2023

42Crunch is the first API Security platform vendor to join the Microsoft Intelligent Security Association (MISA). By combining Microsoft Sentinel’s intelligent analytics with 42Crunch’s API design and run-time security controls enterprises gain a holistic view of their API security program.

NEWS

42Crunch member of MISA

42Crunch expands Microsoft collaboration by joining MISA

By Newsdesk | January 10, 2023

42Crunch Expands Collaboration with Microsoft by Joining Microsoft Intelligent Security Association Collaboration Consolidates End-to-End API Security Experience for the Enterprise San Francisco, January 10, 2023 – 42Crunch, the Developer First API Security platform company, announced today that it has joined the Microsoft Intelligent Security Association (MISA), a group of […]

DataSheet

Datasheet Cover Images P1-02

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.